GLSA-200911-05 : Wireshark: Multiple vulnerabilities

High Nessus Plugin ID 42915


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200911-05 (Wireshark: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Wireshark:
Ryan Giobbi reported an integer overflow in wiretap/erf.c (CVE-2009-3829).
The vendor reported multiple unspecified vulnerabilities in the Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector (CVE-2009-3550), and in the dissect_negprot_response() function in packet-smb.c in the SMB dissector (CVE-2009-3551).
Impact :

A remote attacker could entice a user to open a specially crafted 'erf' file using Wireshark, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. A remote attacker could furthermore send specially crafted packets on a network being monitored by Wireshark or entice a user to open a malformed packet trace file using Wireshark, possibly resulting in a Denial of Service.
Workaround :

There is no known workaround at this time.


All Wireshark users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.3'

See Also

Plugin Details

Severity: High

ID: 42915

File Name: gentoo_GLSA-200911-05.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2009/11/30

Modified: 2016/11/11

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:wireshark, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/11/25

Reference Information

CVE: CVE-2009-2560, CVE-2009-3241, CVE-2009-3242, CVE-2009-3243, CVE-2009-3549, CVE-2009-3550, CVE-2009-3551, CVE-2009-3829

BID: 35748, 36408, 36591, 36846

OSVDB: 56019, 56020, 56021, 58157, 58237, 58238, 59458, 59459, 59460, 59461, 59478

GLSA: 200911-05

CWE: 20, 189